How to set up SSL in AMIMOTO HHVM?

Setting up SSL for AMIMOTO HHVM is similar to setting it up for the other types of AMIMOTO (PVM, HVM and RHEL).

Please also note that in AMIMOTO HHVM the php-fpm .backend.conf (back-end configuration) is different, but, since the SSL setting is only a rewrite, the .conf (front-side setting) is the same.

server {
  listen      443 default ssl;
  server_name _;
  root        /var/www/vhosts/{your EC2 Instance ID};
  index       index.html index.htm;
  charset     utf-8;

  ssl                  on;
  ssl_certificate      /path/to/cert.pem;
  ssl_certificate_key  /path/to/cert.key;
  ssl_session_timeout  5m;
  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers  HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers   on;

  access_log  /var/log/nginx/ssl.access.log  main;
  error_log   /var/log/nginx/ssl.error.log;

  include     /etc/nginx/drop;

  rewrite /wp-admin$ $scheme://$host$uri/ permanent;
  #rewrite ^(.*)(index|home|default)\.html? $1 permanent;

  set $mobile '';
  #include /etc/nginx/mobile-detect;

  set $do_not_cache 0;
  if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
    set $do_not_cache 1;
  }
  if ($request_method != GET) {
    set $do_not_cache 1;
  }

  location / {
    try_files $uri @wordpress;

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ \.php$ {
      try_files $uri @wordpress;
      include /etc/nginx/php-fpm;
    }
  }

  location @wordpress {
    internal;

    proxy_no_cache     $do_not_cache;
    proxy_cache_bypass $do_not_cache;

    proxy_redirect     off;
    proxy_cache        czone;
    proxy_cache_key    "$scheme://$host$request_uri$mobile";
    proxy_cache_valid  200 0m;
    proxy_pass http://backend;
  }

  #
  # When you use phpMyAdmin, uncomment the line "include /etc/nginx/phpmyadmin;"
  # and delete or comment out the below line "location ~* /(phpmyadmin|myadmin|pma) { }".
  #
  #include     /etc/nginx/phpmyadmin;
  location ~* /(phpmyadmin|myadmin|pma) {
    access_log off;
    log_not_found off;
    return 404;
  }

  #
  # redirect server error pages to the static page /50x.html
  #
  error_page  502 503 504  /50x.html;
  location = /50x.html {
    root   /usr/share/nginx/html;
  }
}

Using the configuration above as a reference, please create the file /etc/nginx/conf.d/ssl.default.conf.

When you do so, replace {your EC2 Instance ID} with your EC2 instance ID.
(If you are not sure of the value, it is OK to copy the same line from /etc/nginx/conf.d/default.conf.)

Also, on lines 9 and 10 (the ssl_certificate and ssl_certificate_key directives), please specify the paths to the server certificate and private key you would like to use.
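Before reloading nginx, the finished file can be checked for the mistakes these steps most often leave behind. The script below is an added example, not part of AMIMOTO or of the original article. The function name check_ssl_conf and the FAIL/WARN policy are assumptions made for illustration: it fails on unreplaced placeholders, on missing certificate or key files, and on a world-readable private key, and it warns when ssl_protocols still enables TLSv1 or TLSv1.1.

```shell
#!/bin/sh
# Added example: pre-flight check for the ssl.default.conf created from the template above.
# Prints one finding per line. Returns 0 if deployable, 1 on a blocking finding,
# 2 if the file cannot be read. check_ssl_conf is a hypothetical helper name.
check_ssl_conf() {
  conf=$1
  rc=0
  [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 2; }

  # 1. Placeholders from the template that were never replaced.
  if grep -Fq -e '{your EC2 Instance ID}' -e '/path/to/cert.pem' \
              -e '/path/to/cert.key' "$conf"; then
    echo "FAIL template placeholder still present in $conf"
    rc=1
  fi

  # 2. The files named by ssl_certificate / ssl_certificate_key must exist.
  for directive in ssl_certificate ssl_certificate_key; do
    path=$(awk -v d="$directive" '$1 == d { sub(/;$/, "", $2); print $2; exit }' "$conf")
    if [ -z "$path" ]; then
      echo "FAIL no $directive directive found"; rc=1
    elif [ ! -f "$path" ]; then
      echo "FAIL $directive points to a missing file: $path"; rc=1
    elif [ "$directive" = ssl_certificate_key ] && [ -n "$(find "$path" -perm -004)" ]; then
      # 3. The private key must not be readable by other users.
      echo "FAIL private key is world-readable: $path (chmod 600)"; rc=1
    fi
  done

  # 4. SSLv2/v3 and TLS 1.0/1.1 are deprecated: report them, but do not block.
  if grep -E '^[[:space:]]*ssl_protocols' "$conf" |
     grep -Eq '(SSLv[23]|TLSv1(\.1)?)([[:space:];]|$)'; then
    echo "WARN ssl_protocols enables a deprecated protocol version"
  fi
  return "$rc"
}

# Usage: sh check_ssl_conf.sh /etc/nginx/conf.d/ssl.default.conf
if [ "$#" -gt 0 ]; then
  check_ssl_conf "$1"
fi
```

When the check returns 0, run nginx -t to validate the syntax before reloading the service.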
